* Using gpg and gitattributes together
@ 2008-02-27 0:13 Johannes Schindelin
2008-02-29 14:59 ` Johannes Schindelin
0 siblings, 1 reply; 3+ messages in thread
From: Johannes Schindelin @ 2008-02-27 0:13 UTC (permalink / raw)
To: git
Hi,
I just added my .netrc to a repository where I track some files that I
would hate to lose. However, since I mirror that repository to a machine
where other people than me have root access, I thought that I encrypt the
file with gpg.
To make this procedure more convenient for me, I decided not to encrypt
with a private key, but with a passphrase, and to use gitattributes to do
the encryption for me:
$ echo 'netrc filter=gpg' > .gitattributes
$ git config filter.gpg.clean 'gpg --cipher-algo AES256 -c'
$ git config filter.gpg.smudge 'gpg --decrypt'
$ git add netrc
It asks quite a few times for the passphrase (as expected), but I had to
add the file twice (not expected). However, since it worked now, I am
happy.
Maybe somebody else will find this information useful.
Ciao,
Dscho
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Using gpg and gitattributes together
2008-02-27 0:13 Using gpg and gitattributes together Johannes Schindelin
@ 2008-02-29 14:59 ` Johannes Schindelin
2008-02-29 20:02 ` Jeff King
0 siblings, 1 reply; 3+ messages in thread
From: Johannes Schindelin @ 2008-02-29 14:59 UTC (permalink / raw)
To: git
Hi,
On Wed, 27 Feb 2008, Johannes Schindelin wrote:
> I just added my .netrc to a repository where I track some files that I
> would hate to lose. However, since I mirror that repository to a
> machine where other people than me have root access, I thought that I
> encrypt the file with gpg.
>
> To make this procedure more convenient for me, I decided not to encrypt
> with a private key, but with a passphrase, and to use gitattributes to
> do the encryption for me:
>
> $ echo 'netrc filter=gpg' > .gitattributes
> $ git config filter.gpg.clean 'gpg --cipher-algo AES256 -c'
> $ git config filter.gpg.smudge 'gpg --decrypt'
> $ git add netrc
>
> It asks quite a few times for the passphrase (as expected), but I had to
> add the file twice (not expected). However, since it worked now, I am
> happy.
>
> Maybe somebody else will find this information useful.
Unfortunately, this procedure has an issue I was not able to fix, and not
even Daniel's checkout patch could fix it.
When encrypting, gpg uses a random element (to make the encryption harder
to break, I guess). So when I update netrc with "git add" (and nothing
was changed), git will have a _different_ blob.
So I just tried "git checkout netrc", hoping that the index would be
updated to say that the netrc file is current, after writing it.
But that did not work, since git checkout insisted on readding the file
(which again resulted in a different blob, and therefore netrc seems to be
out-of-date at all times).
So scrap that method.
Ciao,
Dscho
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Using gpg and gitattributes together
2008-02-29 14:59 ` Johannes Schindelin
@ 2008-02-29 20:02 ` Jeff King
0 siblings, 0 replies; 3+ messages in thread
From: Jeff King @ 2008-02-29 20:02 UTC (permalink / raw)
To: Johannes Schindelin; +Cc: git
On Fri, Feb 29, 2008 at 02:59:43PM +0000, Johannes Schindelin wrote:
> When encrypting, gpg uses a random element (to make the encryption harder
> to break, I guess). So when I update netrc with "git add" (and nothing
> was changed), git will have a _different_ blob.
This is probably due to two things:
1. random salting of the passphrase when generating a key
To turn a passphrase into a key, you usually do something like
salt = some random data
K = hash(salt + passphrase)
and then include the salt in your message (since the decrypter
needs to know it). The point is to avoid dictionary attacks against
common passphrases (IOW, if "foobar" always becomes 0xabcdef, then
I can just build a table lookup to make brute forcing faster).
So you can turn this off at the price of lessened security against
dictionary attacks.
2. CBC mode with a random IV
Most symmetric algorithms are block ciphers. There are many "modes"
for encrypting a stream; a common one is CBC, which works like
this:
C[0] = random initial vector
C[i] = E(K, P[i] ^ C[i-1])
so each block depends on the block before, and the first block
depends on some randomly selected data.
You can switch to ECB mode, where C[i] = E(P[i]), but it can reveal
patterns in the data (there is a nice graphical example on the
wikipedia page:
http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
You can also use the same IV over and over again, but that does
leak some information: you can tell up to which block two messages
encrypted with the same key and IV are the same.
In the case of your netrc, either of these is probably OK. You are
only trying to keep secret one fixed string within the file.
I don't think gpg's command-line interface is flexible enough to change
any of these options, but I might be wrong. You can definitely use
openssl like this:
openssl aes-256-ecb -nosalt
If you wanted to implement higher quality encryption in git, you could
just encrypt/decrypt objects going into the object database (like how we
do zlib compression), but still name them by hash. The downside, though,
is that if objects are named by their contents, there is an obvious
"guessing" attack where I can see if your repo contains an object with
particular content. There might be a way around that, but I'd have to
give it some thought.
-Peff
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2008-02-29 20:03 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2008-02-27 0:13 Using gpg and gitattributes together Johannes Schindelin
2008-02-29 14:59 ` Johannes Schindelin
2008-02-29 20:02 ` Jeff King
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).